package com.donger.auth;

import com.donger.auth.config.PermitAllUrlProperties;
import com.donger.auth.filter.ValidateCodeFilter;
import com.donger.auth.mobile.MobileSecurityConfigurer;
import lombok.AllArgsConstructor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 资源服务器配置
 *
 * @author xyx
 */
@Configuration
@AllArgsConstructor
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {


    @Autowired
    private PermitAllUrlProperties properties;


    @Autowired
    private MobileSecurityConfigurer mobileSecurityConfigurer;

    @Autowired
    private ValidateCodeFilter validateCodeFilter;


    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        super.configure(resources);
    }

    /**
     * 配置资源的访问情况
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
                .addFilterAfter(validateCodeFilter, UsernamePasswordAuthenticationFilter.class)
                .authorizeRequests();
        properties.getIgnoreUrls()
                .forEach(url -> registry.antMatchers(url).permitAll());
        registry
                .anyRequest().authenticated()
                .and().csrf().disable()
                .headers().frameOptions().disable()
                .and().apply(mobileSecurityConfigurer);
    }



}
